Contact us
Get started
Loading...
Important Notice - Forums is archived

To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.

Product icon
TUTORIAL

Vaadin lets you build secure, UX-first PWAs entirely in Java.
Free ebook & tutorial.

Calling javascript synchronously by Enver Haase, 1 week ago
Recent Posts
Vaadin Forum3. Vaadin 6, 7, 8

UIDL containing HTML gets blocked by firewall

Michael S
7 years ago Jan 04, 2016 2:59pm

Hi,

I am facing a problem with a TextField (Vaadin 7.3.3) having a user input containing HTML tags. This is recognised by our (web application) firewall as XSS and gets blocked. Here is the UIDL POST request:

POST /admin/v1/UIDL/?v-uiId=0 HTTP/1.1
Host: some.server.com
Connection: keep-alive
Content-Length: 174
Origin: https://some.server.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36
Content-Type: application/json; charset=UTF-8
Accept: */* Referer: https://some.server.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: AL_SESS-S=AAABLs2qH_JhNTJiNzkyNzg0Y2YzNmZjZWQxMDViNDY0ODgzZjNlMQAAKfkkVjRg4fiA6HX3DJzfoGo4i!0=
{"csrfToken":"f26c6fd9-a3ba-4d01-9644-953f6d8fef9d", "rpc":[["83","v","v",["c",["i","0"]]],["84","v","v",["text",["s","<html>"]]],["84","v","v",["c",["i","6"]]]], "syncId":8

Please note the <html> snippet in the JSON.

Is there any way to work around this? I would prefer to solve this by Vaadin means and not by changing the firewall rules making the application dependant from the environment.

Thanks in advance and kind regards
Michael